https://bugs.kde.org/show_bug.cgi?id=387950

--- Comment #2 from Bo Weaver <b...@boweaver.com> ---
(In reply to Elvis Angelaccio from comment #1)
> (In reply to Bo Weaver from comment #0)
> > Today I updated my system and found that Dolphin and Kate no longer run
> > under root.  I looked and saw that this is considered a security issue.  As a
> > Pen Tester I run under root during testing.  I do understand that normally
> > you would never run under root.  When you are logged in as root then why is it a
> > problem accessing files with dolphin?  If the problem is there is a security
> > hole from a normal user account because root can access files with Dolphin
> > then fix the problem don't just break it and turn it off this doesn't "fix"
> > anything.
> 
> No, the problem is that Xorg is not secure. See
> https://cgit.kde.org/kate.git/commit/?id=9adcebd3c2e476c8a32e9b455cc99f46b0e12a7e
> 

I did check out the link and according to the link the problem is "simple bugs
in either kate/kwrite itself or in the underlying libraries such as Qt, XLib or
xcb."  Wouldn't the correct path be to fix the bugs in the underlying libraries,
not just kill the application?  If these are shared libraries then they could
also be exploited when say the Systems Manager is opened or the Update Manager
is run.  Killing Kate wouldn't fix an issue with shared libraries.



> 
> > Dear developers people need to access system files from time to time and
> > change those files.  
> 
> Kate already prompts for the root password whenever you edit a system file.
> Dolphin will soon, hopefully.

I don't "see" a prompt; I can't open a file.  Kate just doesn't run at all.
Only when starting kate from the command line am I given an error response.

You missed my point.  I am logged in as root.  Everything I'm doing is
dangerous.  I know this and assume all responsibility for this.  I need this
function for my job.  Just killing access to Kate and Dolphin will not protect
anything when logged in as root.  I'm not talking about sudo or running Kate
"as root" from a user's account.  The only thing that is accomplished is I have
to use LeafPad to edit a file.  Kate has been my favorite text editor for years.

I do understand that on most machines the root account is and should be locked
by default.  When I set up a Linux box for a normal person I leave it this way;
you're right, they don't need full access in the same manner I do.  Still there
are some of us that need that level of access and are advanced enough to use a
system in that mode and are willing to assume responsibility for any actions
taken by themselves.  If your application is not secure enough to be run
by a root user it should not even be on the system.

Basically you're saying don't run KDE on Kali Linux.  Is this right?

> 
> *** This bug has been marked as a duplicate of bug 152150 ***
